Aggregator

US CISA Endorses Encrypted Apps Amid Chinese Telecom Hack

DataBreachToday.com
9 months ago
CISA Recommends Strict Mobile Security Measures Following Salt Typhoon Telecom Hack
The Cybersecurity and Infrastructure Security Agency's latest guidance calls on top U.S. political and government officials to adopt stricter mobile security measures in response to the Salt Typhoon hacking campaign, a Chinese espionage effort that has infiltrated major telecom systems.

OPSWAT Expands Critical Infrastructure Defense With Fend Buy

DataBreachToday.com
9 months ago
Data Diodes Enhance Air-Gapped Network Security, Deliver Advanced Network Isolation
OPSWAT's acquisition of Fend integrates advanced hardware-based security with OPSWAT's platform, delivering robust protection against cyberattacks on critical infrastructure like power grids and water systems. Fend's small-form-factor data diodes meet the demand for affordable, scalable solutions.

Proposed UK White Hat Legal Shield Fails in House of Lords

DataBreachToday.com
9 months ago
Amendment to Computer Misuse Act Fails During Bloc Vote
A proposed amendment to British anti-hacking law that would have provided a legal shield to white hat hackers failed Wednesday in the House of Lords. Under the Computer Misuse Act, access to a computer system without adequate consent from the system owner is illegal.

Critical Flaws Expose 25,000 SonicWall Devices to Hackers

DataBreachToday.com
9 months ago
Many SonicWall Firewalls Are Unsupported or Lack Patches for Known Vulnerabilities
Thousands of SonicWall network security devices remain exposed with critical security flaws, including 20,000 running outdated firmware that no longer receives vendor support. Despite patches available for some of these flaws, many organizations continue to run the outdated firmware.

倒计时2天,2024补天白帽黑客年度盛典全攻略!

不安全
9 months ago
尊敬的白帽黑客们,2024补天白帽年度盛典即将开启,特别准备了一份详尽的会前参会指南。 盛典议程请查收盛典日程表,关注您感兴趣的议题和活动,合理规划时间。特色活动请参加活动的师傅们务必带装备,有备无患

SANS:2024年检测与响应(DR)报告解读

不安全
9 months ago
2024年11月,SANS发表了针对检测与响应(DR)的首份调研报告。正如这份报告的副标题——安全运营转型中:检测与响应的智能化、自动化和集成化——所言,SANS认为检测与响应(DR)的未来发展方向的

英国电信部门遭遇网络攻击被迫关闭服务器

嘶吼
9 months ago

跨国电信巨头 BT 集团(前身为英国电信)已确认,其 BT 会议业务部门在 Black Basta 勒索软件泄露后关闭了部分服务器。

据悉,英国电信集团是英国领先的固定和移动电信提供商,它还为 180 个国家/地区的客户提供托管电信、安全以及网络和 IT 基础设施服务。

目前,该公司发言人表示,这起安全事件并未影响 BT 集团的运营或 BT 会议服务,尚不清楚是否有任何系统被加密或仅数据被盗。虽然英国电信表示这只是试图破坏他们的平台,但他们也表示他们已将受影响的服务器下线。

在此之前,Black Basta 勒索软件团伙声称他们破坏了该公司的服务器,并窃取了 500GB 的数据,包括财务和组织数据、“用户数据和个人文档”、NDA 文件、机密信息等。

Black Basta 泄露网站上的 BT 会议条目

该网络犯罪组织还发布了该公司在招聘过程中要求的文件的文件夹列表和多个屏幕截图,作为其主张的证据。

该勒索软件团伙还为其暗网泄露网站添加了倒计时,称被盗的数据即将泄露。威胁者声称从 BT 会议服务器窃取了数百 GB 的文档,这是一次严重的数据泄露事件。

英国电信集团发言人补充道:“我们正在继续积极调查这一事件的各个方面,并与相关监管和执法机构合作,作为我们应对措施的一部分。” 

Black Basta 勒索软件即服务 (RaaS) 操作于 2022 年 4 月浮出水面,并在全球范围内造成了许多知名受害者,其中包括医疗保健公司和政府承包商。一些著名的受害者包括美国医疗保健巨头 Ascension、英国技术外包公司 Capita、德国国防承包商莱茵金属、政府承包商 ABB、现代汽车欧洲分部、多伦多公共图书馆、美国牙科协会和加拿大黄页。CISA 和 FBI 今年 5 月表示,Black Basta 附属机构已入侵 500 多个组织,截至 2023 年 11 月,从 90 多名受害者那里收取了至少 1 亿美元的赎金。

胡金鱼

Managed ad